Wireshark-bugs: [Wireshark-bugs] [Bug 9506] New: qtshark Flow Graph segfaults

Date: Wed, 04 Dec 2013 14:12:43 +0000
Bug ID 9506
Summary qtshark Flow Graph segfaults
Classification Unclassified
Product Wireshark
Version SVN
Hardware x86-64
OS Gentoo
Status UNCONFIRMED
Severity Major
Priority Low
Component Wireshark
Assignee [email protected]
Reporter [email protected]

Created attachment 12226 [details]
Patch file for ui/qt/sequence_dialog.cpp

Build Information:
TShark 1.11.3 (SVN Rev 53780 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.7.4, with Lua
5.1, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT Kerberos,
without GeoIP.

Running on Linux 3.10.7-gentoo, with locale en_US.UTF-8, with libpcap version
1.3.0, with libz 1.2.8.
Intel(R) Xeon(R) CPU           W3565  @ 3.20GHz

Built using gcc 4.6.3.
--
This probably applies to all hardware and OS.

Statistics->Flow Graph in qtshark crashes with a segfault. Resulting backtrace
shows:

Program terminated with signal 11, Segmentation fault.
#0  0x00000000005e4116 in SequenceDiagram::draw (this=0x2e191f0,
painter=0x7fff08ded980)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_diagram.cpp:201
201            if (sai->fd->num == selected_packet_) {
(gdb) where
#0  0x00000000005e4116 in SequenceDiagram::draw (this=0x2e191f0,
painter=0x7fff08ded980)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_diagram.cpp:201
#1  0x0000000000559955 in QCustomPlot::draw (this=0x2d93860,
painter=0x7fff08ded980)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/qcustomplot.cpp:10402
#2  0x0000000000558378 in QCustomPlot::replot (this=0x2d93860) at
/home/dameiss/torch/svn/wireshark-trunk/ui/qt/qcustomplot.cpp:9904
#3  0x0000000000506ae0 in SequenceDialog::vScrollBarChanged (this=0x2d92580,
value=876)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:228
#4  0x0000000000537669 in SequenceDialog::qt_static_metacall (_o=0x2d92580,
_c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7fff08dedbb0)
    at
/home/dameiss/torch/wireshark-build/wireshark-trunk-both-build-andromeda/ui/qt/moc_sequence_dialog.cxx:98
#5  0x00007f4de80c4f51 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#6  0x00007f4de8c5420e in QAbstractSlider::valueChanged(int) () from
/usr/lib64/qt4/libQtGui.so.4
#7  0x0000000000506bc1 in SequenceDialog::yAxisChanged (this=0x2d92580,
range=...)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:240
#8  0x00000000005376b3 in SequenceDialog::qt_static_metacall (_o=0x2d92580,
_c=QMetaObject::InvokeMetaMethod, _id=5, _a=0x7fff08dedd70)
    at
/home/dameiss/torch/wireshark-build/wireshark-trunk-both-build-andromeda/ui/qt/moc_sequence_dialog.cxx:100
#9  0x00007f4de80c4f51 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#10 0x00000000005ec7d5 in QCPAxis::rangeChanged (this=0x2d97b00, _t1=...)
    at
/home/dameiss/torch/wireshark-build/wireshark-trunk-both-build-andromeda/ui/qt/moc_qcustomplot.cxx:1206
#11 0x0000000000547467 in QCPAxis::setRange (this=0x2d97b00, lower=-1,
upper=17.871794871794872)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/qcustomplot.cpp:4256
#12 0x00000000005081b8 in SequenceDialog::resetAxes (this=0x2d92580,
keep_lower=true)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:422
#13 0x00000000005066fd in SequenceDialog::resizeEvent (this=0x2d92580,
event=0x7fff08dee5e0)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:170
#14 0x00007f4de863bdd0 in QWidget::event(QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#15 0x00007f4de85eacf4 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtGui.so.4
#16 0x00007f4de85efac3 in QApplication::notify(QObject*, QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#17 0x00007f4de80b10ec in QCoreApplication::notifyInternal(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtCore.so.4
#18 0x00007f4de8635ff5 in QWidgetPrivate::sendPendingMoveAndResizeEvents(bool,
bool) () from /usr/lib64/qt4/libQtGui.so.4
#19 0x00007f4de8635f39 in QWidgetPrivate::sendPendingMoveAndResizeEvents(bool,
bool) () from /usr/lib64/qt4/libQtGui.so.4
#20 0x00007f4de863950b in QWidgetPrivate::prepareToRender(QRegion const&,
QFlags<QWidget::RenderFlag>) () from /usr/lib64/qt4/libQtGui.so.4
#21 0x00007f4de8639904 in QWidgetPrivate::render(QPaintDevice*, QPoint const&,
QRegion const&, QFlags<QWidget::RenderFlag>, bool) ()
   from /usr/lib64/qt4/libQtGui.so.4
#22 0x00007f4de8639c49 in QWidget::render(QPaintDevice*, QPoint const&, QRegion
const&, QFlags<QWidget::RenderFlag>) ()
   from /usr/lib64/qt4/libQtGui.so.4
#23 0x00007f4de863ad28 in
QWidgetEffectSourcePrivate::pixmap(Qt::CoordinateSystem, QPoint*,
QGraphicsEffect::PixmapPadMode) const ()
   from /usr/lib64/qt4/libQtGui.so.4
#24 0x00007f4de8c4d544 in QGraphicsEffectSource::pixmap(Qt::CoordinateSystem,
QPoint*, QGraphicsEffect::PixmapPadMode) const ()
   from /usr/lib64/qt4/libQtGui.so.4
#25 0x00007f4de8c4d639 in QGraphicsEffect::sourcePixmap(Qt::CoordinateSystem,
QPoint*, QGraphicsEffect::PixmapPadMode) const ()
   from /usr/lib64/qt4/libQtGui.so.4
#26 0x00007f4de8c4eeb1 in QGraphicsOpacityEffect::draw(QPainter*) () from
/usr/lib64/qt4/libQtGui.so.4
#27 0x00007f4de8637769 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib64/qt4/libQtGui.so.4
#28 0x00007f4de8637e1f in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*,
QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*,
QWidgetBackingStore*) () from /usr/lib64/qt4/libQtGui.so.4
#29 0x00007f4de8636edc in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib64/qt4/libQtGui.so.4
#30 0x00007f4de8637e1f in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*,
QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*,
QWidgetBackingStore*) () from /usr/lib64/qt4/libQtGui.so.4
#31 0x00007f4de8636edc in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib64/qt4/libQtGui.so.4
#32 0x00007f4de8637e1f in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*,
QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*,
QWidgetBackingStore*) () from /usr/lib64/qt4/libQtGui.so.4
#33 0x00007f4de8636edc in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib64/qt4/libQtGui.so.4
#34 0x00007f4de8637e1f in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*,
QList<QObject*> const&, int, QRegion const&, QPoint const&, int, QPainter*,
QWidgetBackingStore*) () from /usr/lib64/qt4/libQtGui.so.4
#35 0x00007f4de8636edc in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion
const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) ()
   from /usr/lib64/qt4/libQtGui.so.4
#36 0x00007f4de88015e2 in QWidgetBackingStore::sync() () from
/usr/lib64/qt4/libQtGui.so.4
#37 0x00007f4de862df00 in QWidgetPrivate::syncBackingStore() () from
/usr/lib64/qt4/libQtGui.so.4
#38 0x00007f4de863bdb6 in QWidget::event(QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#39 0x00007f4de89eff8b in QMainWindow::event(QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#40 0x00007f4de85eacf4 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtGui.so.4
#41 0x00007f4de85efac3 in QApplication::notify(QObject*, QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#42 0x00007f4de80b10ec in QCoreApplication::notifyInternal(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtCore.so.4
#43 0x00007f4de80b499a in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) () from /usr/lib64/qt4/libQtCore.so.4
#44 0x00007f4de80dfee3 in postEventSourceDispatch(_GSource*, int (*)(void*),
void*) () from /usr/lib64/qt4/libQtCore.so.4
#45 0x00007f4de7c566f3 in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
#46 0x00007f4de7c56a40 in g_main_context_iterate.isra.23 () from
/usr/lib64/libglib-2.0.so.0
#47 0x00007f4de7c56b04 in g_main_context_iteration () from
/usr/lib64/libglib-2.0.so.0
#48 0x00007f4de80e030f in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /usr/lib64/qt4/libQtCore.so.4
#49 0x00007f4de868dc5e in
QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() from /usr/lib64/qt4/libQtGui.so.4
#50 0x00007f4de80b4e2f in
QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib64/qt4/libQtCore.so.4
#51 0x00000000004fe56b in update_progress_dlg (dlg=0xee37c8, percentage=0,
status=0x7fff08df0ef0 "   0 of 11949 packets")
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/progress_bar.cpp:100
#52 0x00000000004b54f5 in process_specified_packets (cf=0x8c6c60 <cfile>,
range=0x7fff08df11d0, string1=0x60afcc "Recalculating statistics on", 
    string2=0x60add0 "all packets", terminate_is_stop=1, callback=0x4b55eb
<retap_packet>, callback_args=0x7fff08df1000)
    at /home/dameiss/torch/svn/wireshark-trunk/file.c:2282
#53 0x00000000004b5742 in cf_retap_packets (cf=0x8c6c60 <cfile>) at
/home/dameiss/torch/svn/wireshark-trunk/file.c:2385
#54 0x0000000000601254 in sequence_analysis_list_get (cf=0x8c6c60 <cfile>,
sainfo=0x2d925c0)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/tap-sequence-analysis.c:238
#55 0x0000000000507ca0 in SequenceDialog::fillDiagram (this=0x2d92580) at
/home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:365
#56 0x00000000005064fe in SequenceDialog::SequenceDialog (this=0x2d92580,
parent=0xdbbd80, cf=0x8c6c60 <cfile>, type=SequenceDialog::any)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/sequence_dialog.cpp:146
#57 0x00000000004e5721 in MainWindow::on_actionStatisticsFlowGraph_triggered
(this=0xdbbd80)
    at /home/dameiss/torch/svn/wireshark-trunk/ui/qt/main_window_slots.cpp:1753
#58 0x000000000053540e in MainWindow::qt_static_metacall (_o=0xdbbd80,
_c=QMetaObject::InvokeMetaMethod, _id=137, _a=0x7fff08df16f0)
    at
/home/dameiss/torch/wireshark-build/wireshark-trunk-both-build-andromeda/ui/qt/moc_main_window.cxx:536
#59 0x00000000005357c5 in MainWindow::qt_metacall (this=0xdbbd80,
_c=QMetaObject::InvokeMetaMethod, _id=137, _a=0x7fff08df16f0)
    at
/home/dameiss/torch/wireshark-build/wireshark-trunk-both-build-andromeda/ui/qt/moc_main_window.cxx:612
#60 0x00007f4de80c5159 in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#61 0x00007f4de85e4862 in QAction::triggered(bool) () from
/usr/lib64/qt4/libQtGui.so.4
#62 0x00007f4de85e4a4f in QAction::activate(QAction::ActionEvent) () from
/usr/lib64/qt4/libQtGui.so.4
#63 0x00007f4de8a114e9 in
QMenuPrivate::activateCausedStack(QList<QPointer<QWidget> > const&, QAction*,
QAction::ActionEvent, bool) ()
   from /usr/lib64/qt4/libQtGui.so.4
#64 0x00007f4de8a17732 in QMenuPrivate::activateAction(QAction*,
QAction::ActionEvent, bool) () from /usr/lib64/qt4/libQtGui.so.4
#65 0x00007f4de863b6bc in QWidget::event(QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#66 0x00007f4de8a18ccb in QMenu::event(QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#67 0x00007f4de85eacf4 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtGui.so.4
#68 0x00007f4de85f0393 in QApplication::notify(QObject*, QEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#69 0x00007f4de80b10ec in QCoreApplication::notifyInternal(QObject*, QEvent*)
() from /usr/lib64/qt4/libQtCore.so.4
#70 0x00007f4de85ebcc2 in QApplicationPrivate::sendMouseEvent(QWidget*,
QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool)
    () from /usr/lib64/qt4/libQtGui.so.4
#71 0x00007f4de8667f24 in QETWidget::translateMouseEvent(_XEvent const*) ()
from /usr/lib64/qt4/libQtGui.so.4
#72 0x00007f4de866667a in QApplication::x11ProcessEvent(_XEvent*) () from
/usr/lib64/qt4/libQtGui.so.4
#73 0x00007f4de868dfc2 in x11EventSourceDispatch(_GSource*, int (*)(void*),
void*) () from /usr/lib64/qt4/libQtGui.so.4
#74 0x00007f4de7c566f3 in g_main_context_dispatch () from
/usr/lib64/libglib-2.0.so.0
#75 0x00007f4de7c56a40 in g_main_context_iterate.isra.23 () from
/usr/lib64/libglib-2.0.so.0
#76 0x00007f4de7c56b04 in g_main_context_iteration () from
/usr/lib64/libglib-2.0.so.0
#77 0x00007f4de80e0376 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /usr/lib64/qt4/libQtCore.so.4
#78 0x00007f4de868dc5e in
QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
() from /usr/lib64/qt4/libQtGui.so.4
#79 0x00007f4de80afb72 in
QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib64/qt4/libQtCore.so.4
#80 0x00007f4de80afdc7 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib64/qt4/libQtCore.so.4
#81 0x00007f4de80b4c95 in QCoreApplication::exec() () from
/usr/lib64/qt4/libQtCore.so.4
#82 0x00000000004c4796 in main (argc=0, argv=0x7fff08df3130) at
/home/dameiss/torch/svn/wireshark-trunk/ui/qt/main.cpp:996
(gdb) print *sai
$1 = {fd = 0x0, src_addr = {type = AT_NONE, hf = 0, len = 0, data = ""},
  port_src = 0, dst_addr = {type = AT_NONE, hf = 0, len = 0, data = ""},
  port_dst = 0, frame_label = 0x0, time_str = 0x0, comment = 0x0,
  conv_num = 0, display = 0, src_node = 0, dst_node = 0, line_style = 0}

What appears to be happening is that SequenceDiagram::draw() is iterating over
the stored seq_analysis_item_t elements while, at the same time,
SequenceDialog::fillDiagram() is running, which destroys the old
seq_analysis_info_t (of which SequenceDiagram has stored a copy, and whose list
items it is referencing) and then reloads it.

I'll attach a patch to SequenceDialog::fillDiagram() which fixes the problem -
essentially calling sequence_analysis_list_get() with a new
seq_analysis_info_t, calling SequenceDialog::setData() with the new one, then
destroying the current seq_analysis_info_t and replacing it with the new one.


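The reload ordering the report describes, as an added example that is not Wireshark code: a reduced C++ model in which the diagram keeps a pointer to the dialog's analysis list and a redraw can run re-entrantly while the list is being rebuilt (the progress dialog pumping the event loop, frames #51 down to #13 in the backtrace). The names DiagramModel, DialogModel, SeqInfo and the generation registry are hypothetical stand-ins for SequenceDiagram, SequenceDialog and seq_analysis_info_t; the registry exists only so the example can report a stale pointer instead of dereferencing freed memory. fillDiagramUnsafe() frees and then reloads in place, so a draw during the reload sees a dead object; fillDiagramSafe() builds a fresh list, hands it to the diagram, and frees the old one last, which is the ordering the attached patch is described as taking.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for seq_analysis_item_t / seq_analysis_info_t.
struct SeqItem { unsigned frame_num; std::string label; };
struct SeqInfo { std::vector<SeqItem> items; };

// Registry of live SeqInfo objects with a generation number, so a stale
// pointer is detected even when the allocator reuses the same address.
static std::map<const SeqInfo*, unsigned> g_live;
static unsigned g_generation = 0;

static SeqInfo* seqInfoNew() { SeqInfo* i = new SeqInfo; g_live[i] = ++g_generation; return i; }
static void seqInfoFree(SeqInfo* i) { g_live.erase(i); delete i; }

// Stand-in for SequenceDiagram: stores the pointer given to setData() and
// walks the item list in draw(), as the crashing frame #0 does.
class DiagramModel {
public:
    void setData(const SeqInfo* info) { info_ = info; gen_ = g_live.at(info); }
    // Returns the number of items walked, or -1 when the stored pointer no
    // longer refers to the object it was given (the real code reads freed
    // memory at this point and segfaults).
    int draw() const {
        if (!info_) return 0;
        auto it = g_live.find(info_);
        if (it == g_live.end() || it->second != gen_) return -1;
        int n = 0;
        for (const SeqItem& item : info_->items) {
            if (item.frame_num == selected_packet_) { /* highlight selection */ }
            ++n;
        }
        return n;
    }
private:
    const SeqInfo* info_ = nullptr;
    unsigned gen_ = 0;
    unsigned selected_packet_ = 2;
};

// Stand-in for SequenceDialog. `yield` models the progress dialog processing
// pending events halfway through the retap, which lets a resize/replot call
// draw() before the reload has finished.
class DialogModel {
public:
    explicit DialogModel(DiagramModel* d) : diagram_(d) {}
    ~DialogModel() { if (info_) seqInfoFree(info_); }

    // Destroy-then-reload in place: the diagram still points at the freed list.
    int fillDiagramUnsafe(std::size_t count, const std::function<int()>& yield) {
        if (info_) { seqInfoFree(info_); info_ = nullptr; }
        info_ = seqInfoNew();
        int seen = analyse(info_, count, yield);
        diagram_->setData(info_);
        return seen;
    }

    // Build fresh, publish to the diagram, free the old list last.
    int fillDiagramSafe(std::size_t count, const std::function<int()>& yield) {
        SeqInfo* fresh = seqInfoNew();
        int seen = analyse(fresh, count, yield);
        diagram_->setData(fresh);
        if (info_) seqInfoFree(info_);
        info_ = fresh;
        return seen;
    }

private:
    // Models sequence_analysis_list_get(): fills `count` items and pumps the
    // event loop once in the middle. Returns what draw() observed at that point.
    static int analyse(SeqInfo* info, std::size_t count, const std::function<int()>& yield) {
        int seen = 0;
        for (std::size_t i = 0; i < count; ++i) {
            if (i == count / 2) seen = yield();
            info->items.push_back({static_cast<unsigned>(i + 1), "frame " + std::to_string(i + 1)});
        }
        return seen;
    }
    DiagramModel* diagram_;
    SeqInfo* info_ = nullptr;
};

// Runs a first fill (5 items) and a second fill (7 items) with each ordering and
// returns what draw() saw during the second reload: {unsafe, safe}.
static std::pair<int, int> runScenario() {
    DiagramModel diagUnsafe, diagSafe;
    DialogModel dlgUnsafe(&diagUnsafe), dlgSafe(&diagSafe);
    auto redrawUnsafe = [&] { return diagUnsafe.draw(); };
    auto redrawSafe = [&] { return diagSafe.draw(); };
    dlgUnsafe.fillDiagramUnsafe(5, redrawUnsafe);
    dlgSafe.fillDiagramSafe(5, redrawSafe);
    int unsafeSeen = dlgUnsafe.fillDiagramUnsafe(7, redrawUnsafe);  // -1: stale pointer
    int safeSeen = dlgSafe.fillDiagramSafe(7, redrawSafe);          // 5: old list still valid
    return {unsafeSeen, safeSeen};
}

int main() {
    std::pair<int, int> r = runScenario();
    std::printf("draw() during reload: unsafe=%d safe=%d\n", r.first, r.second);
    return 0;
}
```

The generation check stands in for what AddressSanitizer would report on the real binary; the point of the model is the ordering, not the detector. Any reload that can re-enter the event loop should treat the consumer's pointer as live until the replacement has been published.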